"Last Tuesday at about 11 a.m.," said California Department of Technology Services spokesman Jim Hanacek, "we received an e-mail from the federal General Services Administration saying they were deleting the ca.gov domain from their master server." The message however, arrived as an ordinary e-mail, said Hanacek, and went to an e-mail in-box where it was noticed about noon.
When the potential impact of shutting down all the ca.gov Web sites was realized, the issue quickly elevated, and about 2 p.m., the state activated the Emergency Operations Center.
A hacker had evidently redirected traffic from the Transportation Authority of Marin County to a pornographic Web site. Since the federal GSA is responsible for the dot gov domain, they pulled the plug.
"We all were on the phone calling contacts at the federal level to see who we needed to talk to in order to get the change reversed," said Hanacek.
Unlike outages caused by a backhoe cutting a fiber-optic cable, said Hanacek, this outage worked its way though computer systems, since addresses are refreshed on varying schedules. "There were no major outages," said Hanacek, "only random outages so that a department couldn't send e-mail to the building next door, and some Web sites weren't working.
"We finally got through to the right people about five o'clock and they put ca.gov back in as a legitimate domain, and did a forced update, to make the change back right now." The hacker problem was handled by deleting a sub-domain. By 5:30, said Hanacek, ca.gov was coming back up. "If we hadn't seen this and been on top of it, it could have had a big impact," he said. Luckily, the Highway Patrol and Department of Justice had no major outages and everything was back to normal by 7 p.m.
Since then, said Hanacek, the state has had several conversations with the GSA to provide adequate notification in the event something similar happens again.